User Data Deletion Policy
Last updated: June 15, 2026
1. Overview
At ProxCore, we respect your right to control your personal data. This policy explains how you can request the deletion of your data, what gets deleted, and the timelines involved. This policy applies to all ProxCore services, including CRM, financial management, project management, time tracking, password vault, asset management, communication integrations, and the client portal.
2. Types of Deletion Requests
2.1 Individual Account Deletion
If you want to delete your individual user account while the organisation continues to operate:
- Your personal profile data (name, email, password hash) will be permanently removed
- Your activity logs and time entries will be anonymised (attributed to "Deleted User")
- Business records you created (leads, quotes, invoices, etc.) will remain as part of the organisation's data but will be disassociated from your personal identity
- Your Password Vault entries will be permanently deleted
- Calendar events you created will be deleted
2.2 Full Organisation Deletion
If an organisation administrator requests full organisation deletion, the following data is permanently removed:
- All user accounts within the organisation
- All customer and contact records
- All leads, quotes, proposals, invoices, and related financial data
- All projects, tasks, and time tracking entries
- All expense records and payment data
- All accounting entries (journal entries, bank reconciliation records)
- All Password Vault entries
- All asset management records
- All calendar events
- All uploaded files and documents (removed from cloud storage)
- All WhatsApp conversations and messages
- All Twilio call logs and recordings
- All integration settings (WhatsApp, Twilio, SMTP, Currency)
- Organisation settings, Stripe subscription data, and billing history
- Client Portal access tokens and configuration
- Reports and analytics data
3. How to Request Data Deletion
Option 1: Email Request
Send a deletion request to [email protected] with the following information:
- Subject line: "Data Deletion Request"
- Your registered email address
- Organisation name (if requesting full organisation deletion)
- Type of deletion: Individual Account or Full Organisation
- Any specific data you want removed (if partial deletion)
Option 2: In-Platform Request
Organisation administrators can initiate data deletion through:
- Navigate to Settings within your organisation
- Contact your organisation administrator to escalate the request
- Admins may contact our support team directly through the platform
4. Deletion Process & Timeline
| Stage | Timeline | Description |
|---|---|---|
| Acknowledgement | Within 48 hours | We confirm receipt of your request and verify your identity |
| Grace Period | 14 days | A grace period during which you can cancel the deletion request. Your account will be deactivated but data remains intact. |
| Data Removal | Up to 30 days | All applicable data is permanently removed from our active databases and cloud storage |
| Backup Purge | Up to 90 days | Data is purged from all backup systems. During this window, data exists only in encrypted backups and is not accessible. |
5. Data We May Retain
Even after a deletion request, we may retain certain data as required by law or legitimate business interests:
- Financial records: Invoice and payment records may be retained for tax and accounting compliance (typically 5-7 years depending on jurisdiction)
- Billing history: Stripe transaction records required for financial reporting
- Legal obligations: Data required to comply with legal holds, court orders, or regulatory requirements
- Fraud prevention: Minimal data to prevent abuse and maintain platform integrity
- Aggregated analytics: Anonymised, non-identifiable usage statistics for platform improvement
6. Impact on Third-Party Services
When your data is deleted from ProxCore, please note the following regarding third-party integrations:
- Stripe: Your Stripe customer record and subscription will be cancelled. Historical transaction data on Stripe's side is governed by Stripe's data retention policy.
- WhatsApp (Meta): Message history stored on ProxCore will be deleted. Messages stored on Meta's servers are governed by WhatsApp's Privacy Policy. You should also submit a data deletion request to Meta directly.
- Twilio: Call logs and recordings stored on ProxCore will be deleted. Data stored on Twilio's servers is governed by Twilio's Privacy Policy.
- AWS S3: All files stored in cloud storage on your behalf will be permanently deleted.
7. Before You Request Deletion
We recommend taking the following steps before submitting a deletion request:
- Export your data: Download any reports, invoices, quotes, and documents you wish to keep
- Inform your team: If deleting an organisation, notify all members in advance
- Cancel active subscriptions: Cancel your subscription through the Billing page or Stripe Customer Portal to avoid further charges
- Download vault entries: Export any passwords or credentials from the Password Vault
- Notify your clients: If you use the Client Portal, inform your clients that their access will be revoked
- Disconnect integrations: Revoke API access for WhatsApp and Twilio from their respective developer consoles
8. Data Portability
Before deletion, you have the right to request a copy of your data in a structured, machine-readable format. Contact us at [email protected] to request a data export. We will provide the export within 30 days of the request.
9. Verification
To protect against unauthorised deletion requests, we will verify your identity before processing. This may include:
- Confirming your registered email address
- Verifying you are an organisation administrator (for organisation deletions)
- Requesting additional identification if the request is made from an unrecognised channel
10. Contact Us
For data deletion requests or questions about this policy:
- Email: [email protected]
- Subject line: "Data Deletion Request"
- Platform: ProxCentral Platforms
We are committed to processing your request promptly and transparently. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.